On Sat, Aug 02, 2003, Shachar Shemesh wrote about "Re: [Key Signing] Problems 
Downloading Some of the Keys":
> Yes, but it is impolite to force me to publicize my key. I may or may 
> not choose to do so.

I'm sorry Shachar, but you do not have this choice. PGP is based on the
web-of-trust model where people are encouraged to post keys on public
servers. In fact, you are explicitly allowed to post someone else's public
key to the servers. If the servers had wanted, they could have easily asked
you to prove that you own this key, but they don't. Deliberately.

So even if you don't post your own key to one of the keyrings, don't be
surprised if sometime in the future your public key pops up there. How?
If someone does so deliberately (like Muli did), unintentionally (like
someone signing your key, and not knowing your "policy" sends it to a keyring
rather than directly to you) or entirely by accident (if one of the people
who know you sends their entire public-key ring to a key server).

This is not the only privacy problem with public public-key rings, by the
way. Another problem is that people can sign your public-key at their whim,
without you needing to authorize it. This means spammers (or other bad guys)
can get a list of your friends and acquaintances, whether you want that
or not. Someone who's not your friend could sign your key for fun or
profit (imagine a signature by "Bin Laden" popping up on your public key).
Someone could sign and then retract his signature a hundred times on your
public key, making it annoyingly big, just to mess with you.

> If I have a separate public key for friends or if I don't want spammers 
> to use my gpg email are two random examples.

I wonder when people will understand that hiding your email address from
spammers is a losing battle... Trying to hide something that was *designed*
to be public, be it email addresses or PGP public-keys, is futile.


-- 
Nadav Har'El                        |            Sunday, Aug 3 2003, 5 Av 5763
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |My password is my dog's name. His name is
http://nadav.harel.org.il           |[EMAIL PROTECTED], but I change it every month.
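
As an added example (not part of the original message), here is one way a key owner could audit the third-party signatures described above, by parsing a listing in the style of `gpg --with-colons --list-sigs`. The sample listing, key IDs, the `known_signers` set and the churn threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in the style of `gpg --with-colons --list-sigs`
# (key IDs, names and dates are made up). Fields used, per GnuPG's
# doc/DETAILS: 1 = record type, 5 = key ID, 10 = user ID.
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1059868800:::u:::scESC:
uid:u::::1059868800::0000::Example Owner <owner@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1059868800::::Example Owner <owner@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1059955200::::Known Friend <friend@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1060041600::::Stranger <stranger@example.net>:10x:
rev:::1:CCCCCCCCCCCCCCCC:1060045200::::Stranger <stranger@example.net>:30x:
sig:::1:CCCCCCCCCCCCCCCC:1060048800::::Stranger <stranger@example.net>:10x:
rev:::1:CCCCCCCCCCCCCCCC:1060052400::::Stranger <stranger@example.net>:30x:
sig:::1:DDDDDDDDDDDDDDDD:1060128000::::[User ID not found]:10x:
"""

CHURN_THRESHOLD = 2  # assumption: more packets than this from one signer is churn


def audit_signatures(listing, known_signers):
    """Summarise third-party signatures on the first key in a colon listing."""
    own_id = None
    per_signer = defaultdict(lambda: {"uid": "", "sig": 0, "rev": 0})
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and own_id is None:
            own_id = f[4]
        elif f[0] in ("sig", "rev") and len(f) > 10:
            if f[4] == own_id:
                continue  # self-signature, always expected
            entry = per_signer[f[4]]
            entry["uid"] = f[9]
            entry[f[0]] += 1  # count certifications and revocations apart
    report = []
    for key_id, e in sorted(per_signer.items()):
        flags = []
        if key_id not in known_signers:
            flags.append("unknown-signer")
        if e["sig"] + e["rev"] > CHURN_THRESHOLD:
            flags.append("sign-revoke-churn")
        report.append((key_id, e["uid"], e["sig"], e["rev"], flags))
    return report


if __name__ == "__main__":
    for row in audit_signatures(SAMPLE, {"BBBBBBBBBBBBBBBB"}):
        print(row)
```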
